Thank you very much, Using "" as the second suffix worked.
Is there a solution that will work for additional DITs too, for example if I wanted 6 of them ? I saw that when I set the suffix = "" for two DITs, slapd complained that... <suffix> namingContext "" already served by a preceding sql database serving namingContext "" Thanks again for such a fast and accurate response Alan -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dieter Klünter Sent: Sunday, March 02, 2014 12:32 AM To: [email protected] Subject: Re: back-sql mysql and multiple DITs Am Sun, 2 Mar 2014 05:55:30 +0000 schrieb "Robson, Alan" <[email protected]>: > Hi, > > I have tried to set up a single instance of slapd serving information > from two DITs that have been defined in separate mysql databases. I > can comment out the database entries for either DIT, and everything > works for the other DIT. But it won't support the two DITs > simultaneously (it seems random which DIT will return results and > which returns "no such object" when I restart slapd with both DITs > configured). All the odbc stuff for both backends seems fine, isql > runs and of course either database can be accessed through ldapsearch > if it is the only one slapd serves. > > I can even run two instances of slapd, one with each DIT and > successfully query them separately with ldapsearch, but I'd prefer one > instance with the two DITs if possible. Could you please help me get > this running, or is it just the law that only one sql backend can be > used per server ? > > Many thanks > > Alan > > Slaptest says (when both DITs are defined in one slapd.conf)... > > WARNING: No dynamic config support for database sql. > WARNING: No dynamic config support for database sql. > config file testing succeeded > > slapd.conf (with both backends/DITs) is: > > # $OpenLDAP$ > # > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. > # > loglevel 64 > > moduleload /usr/lib64/openldap/back_sql.la > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/inetorgperson.schema > include /etc/openldap/schema/farm.schema > > # Define global ACLs to disable default read access. > # Do not enable referrals until AFTER you have a working directory # > service AND an understanding of referrals. > #referral ldap://root.openldap.org > > #pidfile /usr/local/var/slapd.pid > #pidfile /var/run/openldap/slapd.pid > #argsfile /usr/local/var/slapd.args > > ###################################################################### > # > # sql database definitions > ###################################################################### > # > > database sql > suffix "dc=server,dc=farm" > rootdn "cn=root,dc=server,dc=farm" > rootpw *********** > dbname openldap > dbuser openldap > dbpasswd *************** > subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)" > insentry_stmt "INSERT INTO ldap_entries > (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)" > has_ldapinfo_dn_ru no > > database sql > suffix "dc=lab,dc=farm" > rootdn "cn=root,dc=lab,dc=farm" > rootpw ********** > dbname lab > dbuser ldap > dbpasswd ******** > subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)" > insentry_stmt "INSERT INTO ldap_entries > (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)" > has_ldapinfo_dn_ru no There are some solutions 1. define NULL values for suffix, that is suffix "" 2. attach 1 sql database to a subordinate relay database with additional rwm modul and a suffixmassage rule. -Dieter -- Dieter Klünter | Systemberatung https://urldefense.proofpoint.com/v1/url?u=http://sys4.de/&k=OWT%2FB14AE7ysJN06F7d2nQ%3D%3D%0A&r=OzuJgNYWNrY%2F3yqABVDsLpgwbUfST3hTZUuwDEyrkFA%3D%0A&m=OZNhaL9fGGK3VCDH1w0LG1wnv9Ch5iSTL%2B2sBwEUYbE%3D%0A&s=6dcb7e32b3d092ed1f448c2e2bd728ed304e06be6a237262e4b21ada7a849c65 GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
